A forthcoming survey of computer crime investigators suggests that electronic surveillance is a bit more commonplace than most people might expect.
Even a relatively small group of 100 police working on online investigations reports submitting as many as 22,800 legal requests for information a year to Internet and e-mail providers, a category that includes both subpoenas and search warrants.
CNET has reviewed a presentation scheduled to be given at a federal task force meeting on Thursday, which says that the survey respondents said they submitted a total of anywhere from 2,868 to 22,800 requests for information a year. (See one excerpt and another.)
"Most Internet users do not realize how often the government is demanding personal information from companies, often without judicial oversight, and how often companies turn it over," says Nicole Ozer, technology director for the ACLU of Northern California. "Companies are refusing to disclose to the public how many demands they get. It appears that the government is demanding that Internet companies turn over so much personal information about users, so often, that companies can't keep up."
No law requires that the number of subpoenas and search warrants sent to Internet and e-mail providers be made public. Federal law does require the disclosure of certain types of wiretaps--in 2004, for instance, there were 1,442 nonterrorism-related wiretaps, and only 4 percent targeted computers and electronic devices.
Sixty-one of survey respondents reported that their investigations were "detrimentally" affected because data were not retained long enough, and 47 percent said they had to end an investigation because data were not retained. The survey was conducted in late October 2009. (In general, subscriber information such as billing addresses can be obtained with a subpoena, and content information such as the contents of an e-mail message can be obtained with a search warrant.)
The survey, according to two people with knowledge of the situation, is part of a broader push from law enforcement agencies to alter the ground rules of online investigations. Other components include renewed calls for laws requiring Internet companies to store data about their users for up to five years, and a push for a national Web interface linking police computers with those of Internet and e-mail providers so requests can be sent and received electronically instead of via fax.
The survey's author is Frank Kardasz, who is scheduled to present it at a meeting of the Online Safety and Technology Working Group, organized by the U.S. Department of Commerce. Kardasz, a sergeant in the Phoenix police department and a project director of Arizona's Internet Crimes Against Children task force, said in an e-mail exchange on Tuesday that he is still revising the document and was unable to discuss it.